Leading Cause of Data Security Breaches Are Due to Insiders, Not Outsiders

Ponemon Study Reveals That the Most Likely Threat to Data Security Is Not the

Outsider, But Rather Negligent, Incompetent or Malicious Corporate Insiders

Feb 08, 2005, 00:00 ET from Vontu Inc.

    SAN FRANCISCO and TUCSON, Ariz., Feb. 8 /PRNewswire/ -- According to a
 recent study jointly released by Vontu Inc., the leader in Data Loss
 Prevention solutions, and the Ponemon Institute, a research institute
 dedicated to privacy management practices in business and government, the most
 likely threat to information security is not the typical hacker, virus or
 worm, but rather the malicious or careless corporate insider.
     The study, titled Ponemon Institute's Survey on Data Security Breaches,
 reveals that sixty-nine percent of companies reporting serious data leaks
 responded that their data security breaches were the result of either
 malicious employee activities or non-malicious employee error. In fact, the
 number one leading cause of data security breaches resulted from non-malicious
 employee error (39%). The Ponemon Institute concludes that these breaches are
 typically the consequence of complacency or negligence from lax or
 insufficient access controls to sensitive or confidential data. Only sixteen
 percent of serious data leaks were linked to hackers or external penetration.
     "The rise in identity theft and cyber crime has made data security a top-
 of-mind issue for many Americans as well as corporations," said Larry Ponemon
 of the Ponemon Institute. "Companies spend considerable resources to combat
 outsiders, and the data suggests they are successful. However, companies have
 begun to realize that to protect customer trust, company brand and competitive
 secrets, they must now focus on the threat within."
     "Organizations must become more aware of the source of information loss,
 and then they can adopt best practices to address the issue," said Joseph
 Ansanelli, CEO of Vontu. "This survey highlights the severity of the insider
 threat problem. We believe that companies need to focus not only preventing
 customer information loss, but also the loss of other confidential information
 such as source code, intellectual property, merger and acquisition
 information, design documents, network diagrams, and marketing documents."
     Of the 163 companies surveyed, seventy-five percent reported a serious
 security breach had occurred within the past twelve months. The survey also
 revealed the most common types of data security breaches. The majority of data
 breaches involved the loss of confidential business information, followed
 closely by the loss of personal customer information. The survey reports that
 of the top data security breaches:
      *    39% involved confidential business information
      *    27% involved personal information about customers
      *    14% involved intellectual property including software source code
      *    10% involved personal information about employees
     The study is a subset of results from a larger Ponemon study entitled
 Ponemon Institute's Corporate Data Security Practices. The research included
 questions about data security and privacy breaches occurring within a time
 period of twelve months. The results were captured over a five week period in
 Fall 2004. One hundred sixty-three companies were surveyed, with a majority
 being Fortune 1000 US companies. Other participating companies included large,
 non-publicly traded corporations, government entities and smaller public
     To read the study, please visit
     About the Ponemon Institute
     The Ponemon Institute(C) is a think tank dedicated to advancing
 responsible information management practices in business and government. To
 achieve this objective, the Institute conducts independent research to promote
 best practices, to educate leaders from the private and public sectors and to
 verify the privacy and data protection practices of organizations.  The
 institute is headquartered in Tuscon, Arizona. For more information visit
     About Vontu, Inc.
     Vontu is the industry's first Data Loss Prevention solution that stops
 confidential information, including customer data and intellectual property,
 from being sent outside the corporate network. Vontu solutions help customers
 reduce their financial risk, including remediation costs and legal exposure,
 protect brand equity and customer loyalty, and ensure compliance with internal
 policies and government regulations. Vontu customers include the Fortune 1000
 and Global 2000 in financial services, manufacturing, retail, media,
 healthcare and telecommunications.  More information about Vontu can be found
 at www.vontu.com.

SOURCE Vontu Inc.